JP7397082B2 - Secure data channel in network gaming systems - Google Patents

Description

The present disclosure relates to systems and methods for secure data channels in network gaming systems that enable secure information sharing that protects user privacy of user-generated data.

The field of video games is a rapidly growing technology field that now includes numerous gaming platforms, including dedicated game consoles, personal computers (PCs), and more recently cloud gaming devices and mobile devices. . Game play is becoming increasingly social as players desire social interactions centered around games. As a result, network gaming services/systems have been developed that include communication mechanisms between players, allowing communication and social interaction both during game play and outside of game play, but within the context of the video game platform. An example of a network gaming service/system is the PlayStation® Network, which includes a variety of gaming services that support both console-based and cloud-based gaming.

In a cloud gaming setup, a user can access a number of games on a cloud gaming site over a network such as the Internet and begin interacting with/playing the games. A user accesses his or her account on a cloud gaming site to select a game for gameplay and starts one of a plurality of games playable in the user account. Video generated from cloud video games is transferred to client devices. An example of a cloud game system is the PlayStation (registered trademark) Now cloud game service.

It is against this background that embodiments of the present disclosure arise.

Embodiments of the present disclosure provide methods and systems used to provide a secure data channel for sharing information in a cloud gaming system.

In some implementations, initiating a data channel via a network gaming service includes: generating a channel key used to encrypt content communicated via the data channel; generating a first encrypted channel key by encrypting the channel key with a public key associated with the owner of the channel; and adding a participant to the data channel. and generating a second encrypted channel key by encrypting the channel key with a public key associated with the participant. and the message sent over the data channel includes encrypted content generated by encrypting the content of the message using the channel key, and further includes a first encrypted channel. The method is provided, including a key and a second encrypted channel key.

In some implementations, when the message is received by a user device associated with the owner, the channel key is decrypted from the first encrypted channel key using a private key associated with the owner. The encrypted and decrypted channel key is further used to decrypt the encrypted content of the message.

In some implementations, when a message is received by a user device associated with a participant, the channel key is decrypted from the second encrypted channel key using a private key associated with the participant. The encrypted and decrypted channel key is further used to decrypt the encrypted content of the message.

In some implementations, the method further comprises: removing the participant from the data channel, generating a second channel key; and generating a third encrypted channel key by encrypting the third encrypted channel key.

In some implementations, the second channel key is not encrypted with the public key associated with the participant.

In some implementations, the method further comprises adding a second participant to the data channel, the method further comprising: encrypting the channel key with a public key associated with the second participant. and generating an encrypted channel key.

In some implementations, the message sent over the data channel further includes a third encrypted channel key.

In some implementations, receiving a first encrypted channel key for the data channel over a network from an owner device associated with an owner of the data channel, the first encrypted A channel key encrypted with a public key associated with the data channel owner, the channel key is used to encrypt content shared over the data channel. and receiving one or more second encrypted channel keys from the owner device over the network, each second encrypted channel key respectively receiving a first encrypted channel key and one or more second encrypted channel keys, the first encrypted channel key being a channel key encrypted with a public key associated with each participant in the channel; and distributing the channel list over a network to one or more participant devices each associated with each participant of the data channel, the method comprising: The method is provided, wherein communication over a data channel includes a first encrypted channel key, a second encrypted channel key, and content encrypted using the channel key.

In some implementations, when the communication is received by the owner device over the data channel, the channel key is decrypted from the first encrypted channel key using a private key associated with the owner. The encrypted and decrypted channel key is further used to decrypt the encrypted content of the communication.

In some implementations, when a communication is received by a participant device over the data channel, the channel key is decrypted from the second encrypted channel key using a private key associated with the participant. The encrypted and decrypted channel key is further used to decrypt the encrypted content of the communication.

In some implementations, the method further comprises receiving the first encrypted second channel key of the data channel from the owner device via the network, the first encrypted second channel key The second channel key is a second channel key encrypted with a public key associated with the owner of the data channel, and the second channel key is configured to exclude at least one of the participants. receiving one or more encrypted second encrypted contents from the owner device over the network, which are used to encrypt the content shared over the data channel; receiving channel keys, each second encrypted second channel key being a second channel key encrypted with a public key of one of the participants; The one or more second encrypted second channel keys include a second encrypted second channel key that is a second channel key encrypted with the public key of the excluded at least one of the participants. the first encrypted second channel key and one or more second encrypted second channel keys; and distributing the updated channel list to participant devices over the network.

In some implementations, the additional communication over the data channel includes the first encrypted second channel key, the second encrypted second channel key, and the second encrypted second channel key. Contains content encrypted using

In some implementations, the method further includes storing the communications over the data channel and storing additional communications over the data channel.

In some implementations, the channel key allows at least one of the excluded participants to access content of the stored communication, and the second channel key allows at least one of the excluded participants to access the content of the stored communication. At least one excluded person is prevented from accessing the content of additional stored communications.

In some embodiments, a non-transitory computer-readable medium is provided having program instructions embedded therein, the program instructions, when executed by at least one processor, cause the at least one processor to perform a method, the method comprising: , initiating a data channel through a network gaming service, the act of generating a channel key used to encrypt content communicated over the data channel, and associated with the owner of the data channel; generating a first encrypted channel key by encrypting the channel key with the public key obtained by the data channel; generating a second encrypted channel key by encrypting the channel key with a public key associated with the data transmitted over the channel. The message includes encrypted content generated by encrypting the content of the message using a channel key, and further includes a first encrypted channel key and a second encrypted channel. Contains keys.

Other aspects and advantages of the disclosure will become apparent from the following detailed description, which illustrates by way of example the principles of the disclosure, taken in conjunction with the accompanying drawings.

The present disclosure, together with further advantages thereof, may be best understood by reference to the following description in conjunction with the accompanying drawings.

2 conceptually illustrates a public key exchange between a data channel and multiple users according to embodiments of the present disclosure;

3 further illustrates processing of communications between data channel 100 and users of data channel 100 in accordance with embodiments of the present disclosure.

1 illustrates interaction with a data channel 100 by multiple users, according to embodiments of the present disclosure.

1 conceptually illustrates a system that provides a data channel for sharing information, according to embodiments of the present disclosure.

1 conceptually illustrates the transfer of ownership of a data channel 100 according to embodiments of the present disclosure.

1 conceptually illustrates revocation of access to a data channel 100 according to embodiments of the present disclosure.

3 conceptually illustrates game-related communications/data transmitted over an encrypted data channel in accordance with embodiments of the present disclosure; FIG.

2 conceptually illustrates an interface for accessing content of a data channel, according to embodiments of the present disclosure.

2 conceptually illustrates a process for initiating an encrypted private player social data channel, according to embodiments of the present disclosure.

2 conceptually illustrates a process for adding a participant to a data channel, according to embodiments of the present disclosure.

3 conceptually illustrates a change of an encrypted channel key of a data channel to a channel list when a user leaves the data channel according to embodiments of the present disclosure;

8C conceptually illustrates a timeline illustrating encryption of content of a data channel over time, based on the scenario of FIG. 8C, according to embodiments of the present disclosure; FIG.

1 conceptually illustrates the components of messages on a data channel 100, according to embodiments of the present disclosure.

1 illustrates a simplified block diagram of an example system used to preload game content to a cloud gaming server, according to embodiments of the present disclosure. FIG.

FIG. 2 is a flow diagram conceptually illustrating various operations performed to stream a cloud video game to a client device, according to embodiments of the present disclosure.

1 illustrates an exemplary information service provider architecture for delivering information content and services to geographically dispersed and network-connected users in accordance with embodiments of the present invention.

In the description that follows, many specific details are set forth to provide a thorough understanding of the disclosure. However, it will be apparent to those skilled in the art that the present disclosure may be practiced without some or all of these specific details. In other instances, well-known process steps have not been described in detail in order not to obscure the present disclosure.

As the video game field continues to grow in popularity, user-generated information related to video games has never been more abundant. Gaming experiences have evolved to encourage greater social interaction via text/audio/video chat, audio feeds, video feeds, screenshots, video clips, social media posts, comments, and more. Additionally, as cloud gaming expands, more and more user information is being stored in the cloud rather than locally. Therefore, it is desirable to ensure the security and privacy of user data while allowing users to control access to the data according to their preferences.

As mentioned above, network gaming services/systems such as the PlayStation® Network can provide a variety of gaming services that support both console-based and cloud-based gaming. However, while such network gaming services may provide communications and social services to users, user content and information shared via such services may not be secure and network gaming service providers may It is visible. For example, such content may be intercepted by a malicious third party. Additionally, if a network game service is hacked, user information and content may be exposed.

In view of the above, embodiments of the present disclosure provide a secure data channel for communication between users of a network gaming service. A data channel may be instantiated and controlled by one of the users who is the owner/manager of the data channel, including controlling the addition of users to and removal of users from the data channel. Also included. Content shared via a data channel may be encrypted so that it can only be read by users of the data channel.

Throughout this disclosure, for ease of explanation, references to a "user" will often refer to a user, as the user typically uses or operates a user device to interface with the system according to the present disclosure. It will be understood that it is synonymous with a user device associated with or operated by a user. Accordingly, although the term "user" is used in this disclosure for ease of explanation, the term "user" may include both a user and a user device operated by or associated with a user. It is understood and further understood by those skilled in the art that the terms "user" and "user device" may often be used interchangeably in this description of implementations.

FIG. 1A conceptually illustrates a public key exchange between a data channel and multiple users, according to embodiments of the present disclosure. A data channel 100 is shown, which may be understood as a persistent session in which multiple users participate. Data channel 100 is configured to store user-generated content or information and allow participating users to access such content/information. In some implementations, data channel 100 can be conceptualized as a stream of user-generated or user-provided content, with stream recording or streaming serving as a repository of content offerings shared to data channel 100. Such content offerings are accessible to anyone authorized to access the stream defined by data channel 100.

To promote data security, in the example implementation, a public key exchange is performed for each user authorized to access data channel 100. That is, in the exemplary embodiment, the public key of data channel 100 is provided to and stored by user A, and the public key of user A is provided to and stored by data channel 100. Communications from data channel 100 to user A may be encrypted using user A's public key, and communications from user A to data channel 100 may be encrypted using data channel 100's public key. .

Similarly, in the exemplary embodiment, a public key for data channel 100 is provided to and stored by user B, and a public key for user B is provided to and stored by data channel 100. Communications from data channel 100 to user B may be encrypted using user B's public key, and communications from user B to data channel 100 may be encrypted using data channel 100's public key. .

Similarly, in the exemplary embodiment, a public key for data channel 100 is provided to and stored by user C, and a public key for user C is provided to and stored by data channel 100. Communications from data channel 100 to user C may be encrypted using user C's public key, and communications from user C to data channel 100 may be encrypted using data channel 100's public key. .

FIG. 1B further illustrates processing of communications between data channel 100 and users of data channel 100, according to embodiments of the present disclosure. In an exemplary implementation, communications 102 from data channel 100 to user A may be encrypted using user A's public key 104. Upon receiving the communication 102, User A decrypts the communication 102 using User A's private key 106 and renders the content of the communication 102. When user A sends a communication 108 to data channel 100, communication 108 may be encrypted using data channel 100's public key 110. Upon receiving the communication 108, the communication 108 is decrypted using the private key 112 of the data channel 100 and the content of the communication 108 is rendered.

Similar processing occurs in communications between data channel 100 and users B and C. In an exemplary implementation, communications from data channel 100 to User B may be encrypted using User B's public key 114, and upon receipt, User B may use User B's private key 116 to encrypt the communications. decrypt and thereby render the content of the communication. When user B sends a communication to data channel 100, the communication may be encrypted using data channel 100's public key 110, and upon receipt, the communication may be decrypted using data channel 100's private key 112. and the content of the communication is rendered. Further, in the exemplary embodiment, communications from data channel 100 to user C may be encrypted using user C's public key 118, and upon receipt, user C communicates using user C's private key 120. and thereby render the content of the communication. When user C sends a communication to data channel 100, the communication may be encrypted using data channel 100's public key 110, and upon receipt, the communication may be decrypted using data channel 100's private key 112. and the content of the communication is rendered.

FIG. 2 illustrates interaction with data channel 100 by multiple users, according to embodiments of the present disclosure. As described, data channel 100 defines a persistent session such that user-generated content is stored in the persistent session and can be accessed by users who have access to data channel 100.

In some implementations, data channel 100 may be initiated by a particular user of the network gaming service, such as User A in the example implementation. Therefore, user A is the owner of data channel 100 with administrator rights to manage data channel 100. User A may invite other users of the network gaming service, such as users B, C, and D in the example implementation, to join data channel 100. As the administrator of the data channel 100, user A may control who has access to the data channel 100 and also determine the privileges granted to other users, such as allowing other users to read/read the content of the data channel 100. Whether or not it can be viewed/accessed, whether only certain types of content can be accessed, whether or not content can be posted/written/added to the data channel 100, whether only certain types of content can be posted, etc. It may be determined whether people can be invited to read and/or post to data channel 100, whether content can be deleted from data channel 100, whether content within data channel 100 can be edited, and so on. Data regarding users of data channel 100 as described above may be stored as user metadata 200, which may include the users' IDs, their public keys, and specific permissions as shown.

When a new user is added to the data channel 100, a public key exchange between the data channel 100 and the new user may be performed as described above, so that communications between the data channel 100 and the new user can be performed accordingly. It will be appreciated that it may be encrypted. The new user's public key is stored as part of the user metadata 200, along with the new user's ID and authority information.

Data channel 100 may be defined to allow multiple users to share content with each other in a secure manner. Such user-generated content is stored in content storage 204. Additionally, information related to user-generated content is stored as content metadata 202. Non-limiting examples of content metadata include the ID of the content item's creator, the timestamp when the content item was posted, a unique identifier for the content item, the type of content (e.g., text, image, video, etc.) , keywords/tags, descriptors, classifications, etc.

In the exemplary implementation, user A provides/posts a text item 206 to data channel 100 and then posts an image 208 to data channel 100. User B posts a text item 212 and then a video 210 to data channel 100. User D posts a text item 214 to data channel 100. It will be appreciated that, according to embodiments of the present disclosure, communications from users to post their content items may be encrypted with the public key of data channel 100. User C does not have write authority to data channel 100, and therefore there is no posting from user C to data channel 100.

In the exemplary implementation, all users have read permissions for data channel 100, so all users can view and access various content posted to data channel 100. In some implementations, the interface used to access the content of data channel 100 may be in the form of a feed or content stream. In some implementations, content is accessed through an interface that has various sections that organize the content by content type. In some implementations, content is provided in the form of chat logs. It will be appreciated that regardless of the particular interface format in which the content is presented, the content can be securely transmitted from the data channel 100 to the users by encrypting the content with the respective public keys of the various users. .

It will be appreciated that any of a variety of types of content can be shared via data channel 100. For example, text, images, audio, video, and combinations thereof can all be shared. In a cloud gaming context, such content may originate from various sources or interactions related to cloud gaming. Non-limiting examples include chat logs, game event logs, recorded audio of user audio chats, screenshots, gameplay video clips, recorded video of the user's local environment, web links, and the like.

In some implementations, content shared via data channel 100 may include live streaming gameplay video to data channel 100 from a live video game session. That is, a live video feed of a user's gaming session may be made available for viewing by other users of data channel 100. In some implementations, the live video may further include live video from the user's local camera (eg, a personal webcam) and the user's video may be displayed. Such live video sharing may be highly sensitive, and thus users may desire to ensure privacy in such sharing, and data channel 100 may provide this protection while protecting user privacy and security of user information. It will be appreciated that providing a mechanism to enable such sharing.

In some implementations, a user may configure data channel 100 to automatically record certain types of events. It will be appreciated that the user may authorize such automatic sharing to the data channel 100 via an interface that allows the user to select the types of content to specifically share to the data channel 100. In this manner, data channel 100 may be automatically populated with selected types of content. In various implementations, any of the content types described herein as shareable via data channel 100 may be configured to be automatically shared to data channel 100.

In some implementations, data channel 100 may be instantiated for a particular gaming session or event occurring on a cloud gaming system. For example, data channel 100 may be defined for a multiplayer session of a video game, and content from the multiplayer session is shared to data channel 100. In some implementations, players in a multiplayer session (e.g., players forming a team for a video game session) are provided access to data channel 100, thereby providing a secure channel for sharing and communicating. can have.

It will be appreciated that data channel 100 may also be closed or terminated by a user with administrative privileges. For example, user A in an exemplary embodiment may have the ability to close data channel 100 so that no more information is shared to data channel 100. In some implementations, the user may still be allowed to view data channel 100, but cannot add any new information to data channel 100. This can be considered equivalent to user A removing write permissions for all users and at the same time retaining read permissions for users.

FIG. 3 conceptually illustrates a system that provides a data channel for sharing information, according to embodiments of the present disclosure. In the exemplary implementation, User A, User B, and User C operate user/client devices 300, 302, and 304, respectively. User devices 300 , 302 , and 304 communicate with channel server 308 via network 306 . Channel server 308 instantiates data channel sessions, such as data channel sessions 310, 312, and 314 in the example implementation. Each data channel session provides separate data channel functionality in accordance with embodiments of the present disclosure, including receiving content, storing content, and networking with users authorized to access the data channel content. It will be understood that this includes sharing content via.

In the example implementation, data channel sessions access channel metadata storage 316 and channel media storage 326. Channel metadata storage 316 includes metadata for each data channel. As a non-limiting example, channel metadata 318 is defined for data channel session 310 and includes ownership information 320 that identifies one or more owners of the data channel, members of the data channel, and interactions with the data channel. Membership information 322 that identifies each person's privileges in the data channel session 310, and rules/settings for the data channel session 310.

Additionally, in the exemplary implementation, data channel sessions access channel media storage 326 that includes content to share via the data channel. In the example implementation, channel media storage 326 includes channel media 328, which includes, by way of example, various media/content items shared via data channels. In the exemplary implementation, this includes chat/game logs 330, images 352, and videos 334. It will be appreciated that other types of content/media may also be shared via the data channel, as discussed in this disclosure.

In the example implementation, a network gaming service 330 is also shown, which may include various server computers and/or gaming machines that provide support for console/cloud gaming services, thereby allowing users to access video games. and related communication and content generation services such as audio/text chat services, screenshot/gameplay video storage and processing. The content of the data channel may be generated from interactions with the network gaming service 330, including gameplay interactions and user-to-user communication interactions, such that channel servers 308, and more specifically channel sessions, receive their respective data from the network gaming service 330. The content of the data channel may be received.

FIG. 4 conceptually illustrates the transfer of ownership of data channel 100 according to embodiments of the present disclosure. In a typical scenario, data channel 100 has an owner, which is typically the user who initiates data channel 100. For example, in the exemplary embodiment, user A is the current owner of data channel 100 and, as the owner, manages data channel 100, including controlling the membership and configuration of data channel 100. is included. However, user A may no longer wish to manage data channel 100. Accordingly, in some implementations, user A may transfer ownership of data channel 100 to another user. In the exemplary embodiment, user A is conceptually shown transferring ownership of data channel 100 to user B, as indicated by reference numeral 400. By doing so, User A initiates a transaction to update ownership information 320 (reference numeral 402) and confirms that User B is the owner of data channel 100 and currently has administrative rights regarding data channel 100. to reflect ownership.

FIG. 5 conceptually illustrates revocation of access to data channel 100 according to embodiments of the present disclosure. In the exemplary implementation, User A is a channel owner with administrative privileges for data channel 100, and as shown conceptually at reference numeral 500, User A has access to User C's data channel 100. cancel. To accomplish this, user A initiates a transaction to update membership information 322 of data channel 100 (reference numeral 502), so that user C is no longer granted access to data channel 100. In some implementations, this involves changing the settings of membership information 322 associated with user C such that the content of data channel 100 can no longer be published using user C's public key (e.g. Disable read/write privileges for user C). In some implementations, User C's public key and/or other information is excluded or deleted from the membership information.

FIG. 6 conceptually illustrates game-related communications/data transmitted over an encrypted data channel in accordance with embodiments of the present disclosure. It will be appreciated that to protect the privacy of user data, real-time activities that occur during a game session may be shared via an encrypted data channel. In the exemplary implementation, a video game session 600 is executed, which defines an active game state of a video game being played by multiple users 608, 610, 612, and 614. Several related communication and data services are provided for user interactivity during video game session 600. By way of non-limiting example, such services include a text chat service 602 that provides text-based communications between users, and audio communications between users (e.g., speech from a microphone associated with or operated by the user). an audio chat service 604 that provides video sharing (e.g., provides a user's own video for others to see) from the user's own camera in the user's local environment; A service 606 may be included, and a game log service 606 that displays and records game activity/events to allow a user to better understand events that occur during a video game session. For each of these services, as well as other services according to embodiments of the present disclosure, data transmitted to and received from users may be encrypted over data channel 100. Therefore, sensitive data provided by related services involved in a video game session is processed to ensure user privacy and data protection.

FIG. 7 conceptually illustrates an interface for accessing content of a data channel, according to embodiments of the present disclosure. In the example implementation, interface 700 is conceptualized as a stream of content. The data channel may be named as shown at reference numeral 702 and the owner of the data channel may be identified as shown at reference numeral 704.

Member status section 706 shows the current status of the members of the data channel. For example, members may be online, offline, participating in gameplay, etc. The owner may have administrative privileges and therefore be able to add/exclude users from the data channel so that the user may or may not have access to the data channel's content stream. It will be understood that this may be possible.

At reference numeral 708, a posting interface is shown that allows a user to post comments, or images, or videos to the data channel content stream. The streams of content that are part of interface 700 may include various types of content, as shown. For example, at reference numeral 710, updates/notifications regarding gaming activity are displayed indicating that a gaming session is in progress and other related information such as the duration of the session and the IDs of the participants in the session. In some implementations, such content items may provide access to view more detailed information about the session and/or allow viewing live gameplay of the session.

Content item 712 is a video posting of a game session, which includes comments by the user posting the video. Item 714 shows reactions to item 712 from other users.

In this example, content item 716 is a text post that asks other users of data channel 100 a question. It will be appreciated that the user may post a reply to item 716.

Although implementations according to the present disclosure have been described with reference to content originating from cloud games, the principles and implementations of the present disclosure may be applied to console games, PC games, mobile device games, browser-based games, social media games, or It will be appreciated that content derived from video games running on other types of devices and/or in other types of contexts is also applicable.

FIG. 8A conceptually illustrates a process for starting an encrypted private player social data channel, according to embodiments of the present disclosure. In the exemplary embodiment, owner 800 has set up data channel 100. The owner/manager 800 initiates a channel by generating a channel key K _i , as shown at reference numeral 802 . The channel key K _i is encrypted (reference number 806 ) using the owner's public key 804 and the encrypted channel key E _O (K _i ) is stored in the data channel 100 .

FIG. 8B conceptually illustrates a process for adding participants to a data channel, according to embodiments of the present disclosure. For example, to add participant/user P ₁ to the data channel 100 (reference number 816), the owner 800 uses the owner's private key 812 to add the encrypted channel key E _O (K _i ) (reference number 810) to obtain the channel key K _i . The channel key Ki is then encrypted (reference number 814) using the public key of participant _P1 (reference number 818). The resulting encrypted channel key E _P1 (K _i ) for participant P ₁ is stored in data channel 100, as shown. Similarly, to add another participant P ₂ (reference number 822) to the data channel 100, the decrypted channel key K _i is added using participant P ₂ 's public key (reference number 824). The encrypted channel key E _P2 (K _i ) of participant P ₂ is encrypted (reference number 820 ) and stored in data channel 100 .

When an owner/administrator starts a data channel and adds participants, encryption of the channel key takes place on the owner's device in a zero-trust manner, which allows the channel key and It will be appreciated that the encrypted data will not be disclosed to any party other than the owner and the participants. Therefore, even the network game service does not secretly know the channel key and encrypted data of the data channel. Because the content of the data channel is stored in encrypted form, the data channel can thus be maintained by the network gaming service and its systems without the content being exposed to the network gaming service. The data channel makes the encrypted keys (E _O (K _i ), E _P1 (K _i ), E _P2 (K _i ), etc.) available to all channel members, and when a participant joins, the The encrypted channel key may be added to a channel list, which may be maintained by the network gaming service.

In some implementations, the channel keys are symmetric (eg, AES). In some implementations, the owner key and participant key are asymmetric (eg, RSA, ECC, DS+EG).

FIG. 8C conceptually illustrates the modification of a data channel's encrypted channel key to the channel list when a user leaves the data channel, according to embodiments of the present disclosure. As shown, according to the embodiments described above, a first channel key K ₁ is generated for a data channel having channel members including an owner and participants P ₁ and P ₂ . The channel key is encrypted with the member's public key, and the encrypted channel key is thus stored in channel list 830A. As shown in _{the exemplary embodiment, the encrypted channel keys include encrypted channel keys E O (K 1 ) , E P1} (K ₁ ), and E _P2 (K ₁ ).

If a participant P ₁ leaves (or is excluded from the data channel), a second channel key K ₂ is generated and encrypted with the public keys of the remaining members of the data channel. In the exemplary implementation, encrypted channel keys E _O (K ₂ ) and E _P2 (K ₂ ) are added to the channel list for the owner and participant P ₂ , respectively. These are added to the encrypted channel keys (E _O (K ₁ ), E _P1 (K ₁ ), and E _P2 (K ₁ )) encrypted from the first channel key. In this way, participant _P1 can still decrypt old content/messages that were encrypted using the first channel key _K1 , but using the second channel key _K2 . New content that has been encrypted cannot be decrypted.

Continuing to refer to FIG. 8C, consider a scenario where another participant P ₃ joins the data channel. In some implementations, participant P ₃ may be added to the data channel with full access to the entire history of the data channel, such that participant P ₃ has access to all historical content of the data channel. It becomes possible to display. In this case, both the first and second channel keys _K1 and _K2 are encrypted with the public key of the new participant _P3 and are encrypted as shown in the channel list with reference number 830C. The channel keys E _P3 (K ₁ ) and E _P3 (K ₂ ) are added to the channel list.

However, in some implementations, participant P ₃ does not have access to historical content of the data channel, but a new provider that does have access to content shared to the data channel after the time of participant P ₃ 's participation. can be added to the data channel only as In this case, a new third channel key K ₃ is then generated and encrypted with the public keys of the owner and participants P ₂ and P ₃ . New encrypted channel keys E _O (K ₃ ), E _P2 (K ₃ ), and E _P3 (K ₃ ) are added to the channel list, as shown at reference numeral 830D.

FIG. 8D conceptually illustrates a timeline illustrating encryption of content of a data channel over time based on the scenario of FIG. 8C, according to embodiments of the present disclosure. In an exemplary embodiment, in scenario A, participant P ₁ leaves and participant P ₃ joins with full access to the channel's history. On the other hand, in scenario B, participant P ₁ leaves and participant P ₃ joins without having access to the channel's history (but having access to the content after joining). As shown at reference numeral 840, the owner first creates a data channel and adds participants P ₁ and P ₂ . Participant P ₁ then leaves, as indicated by reference numeral 842 . Further following this, participant P ₃ joins the data channel, as shown at reference numeral 844 .

In scenario A shown in the example implementation, the channel is initially encrypted with channel key K ₁ during the period 846 from when the channel is created until P ₁ leaves. Then, in a period 848 after P ₁ leaves, the channel is encrypted with channel key K ₂ . Even if participant P ₃ joins the channel, the channel is still encrypted with channel key K ₂ .

In the scenario B shown, during the period 850 from when the channel is created until P ₁ leaves, the channel is also initially encrypted with the channel key K ₁ . In the period 852 after P ₁ leaves, the channel is encrypted with channel key K ₂ . However, when participant P ₃ joins, in period 854 the channel is encrypted with a new channel key K ₃ .

FIG. 8E conceptually illustrates the components of messages on data channel 100, according to embodiments of the present disclosure. In the example implementation, a given message 860 is shown including an encrypted channel key 862, a message signature 864, and encrypted content 866. Encrypted channel keys 862 include all of the encrypted channel keys included in the channel list. It will be appreciated that encrypted channel keys can only be decrypted by their respective private key holders, which are the owners and participants authorized to access the data channel 100. As explained, there may be multiple channel keys, and these may be encrypted with public keys of different user subsets.

Message 860 further includes a message signature 864. In some implementations, the message signature uses a symmetric signature algorithm (eg, HMAC (hash-based/keyed hash message authentication code), GMAC (galois message authentication code), CMAC (cipher-based message authentication code)).

Message 860 further includes encrypted content 866, ie, the content of the message encrypted with channel key Ki. Content may include text, images, videos, etc.

In some implementations, encrypted content 866 and message signature 864 are generated simultaneously through the same process (eg, using AES-GCM (Advanced Encryption Standard - Galois/Counter Mode)).

Thus, each message within the data channel includes an encrypted channel key, a message signature, and encrypted message content. When a user (eg, owner or participant) receives a message, it parses the message to find the channel key encrypted with the public key and decrypts the channel key. The user may then decrypt the contents of the message using the decrypted channel key.

It will be appreciated that access to the content of the message is controlled through the particular channel key used to encrypt the content and through management of the encryption of the channel key. The channel keys used to encrypt the content are encrypted with public keys only for specific users authorized to access the content, and these encrypted keys are included in the message. Channel keys are only transmitted in encrypted form, so only the holder of the corresponding private key can access the channel key and decrypt the content. It provides a zero trust solution from the user's perspective, and is a network that stores data channel metadata (in encrypted form) and manages the channel (e.g. by facilitating data communication between users). Even gaming services cannot decrypt the channel key and therefore have no access to the content. Furthermore, even if a given message is somehow intercepted or misdirected by a third party, the contents of the message remain confidential since such recipients will not be able to decrypt the channel key.

As mentioned above, the data channel may be managed using the resources of the network gaming service. For example, a network gaming service may maintain a channel list when a member is removed (providing a new channel key to all remaining members as described above) or when a new member is added (providing a new channel key as described above). Distribute the channel list to currently active members of the data channel as needed, such as providing the channel list to new members and updating existing members to include the new encrypted channel key. It is possible. When a member of a data channel generates a message, it may encrypt the content using the current channel key and may concatenate the encrypted keys of the channel list. The message may be sent to the network gaming service's data channel service/logic/handler, stored, and distributed to other users.

As mentioned above, embodiments of the present disclosure may be applied to cloud gaming systems. An example of a cloud game system is the PlayStation (registered trademark) Now cloud game system. In such systems, the client device may be a game console, such as a PlayStation® 4 game console, or another device such as a personal computer, laptop, tablet, cell phone, mobile device, etc.

Generally, when a user request for a game title is received, several actions are performed by one or more servers within a data center associated with the cloud gaming site to enable the cloud game. When the cloud gaming site receives a user request, the data center hosting the game associated with the selected game title is identified and the request is made to the identified data center to instantiate the game for the selected game title. is sent. In response to the request, the data center server identifies the game code, loads the identified game code, and initializes files associated with the game code in preparation for presenting the game content to the user. Game data associated with a game may include general game data and user-specific game data. Accordingly, initializing the files may include identifying, loading, and initializing both general game data and user-specific game data. Initializing general game data may include initializing the graphics engine, installing graphics data, initializing sound files, installing artwork, etc. Initializing user-specific data may include retrieving, transferring, and installing user data, user history, game history, etc.

A "splash" screen may be provided to be rendered on the client device while general game data is loaded and initialized. The splash screen may be designed to provide a representative image of the game being loaded, allowing the user to preview a good example of the game being loaded. Once the general game data is loaded, specific initial content may be rendered and selection/navigation screens may be presented for user selection and customization. User selections entered on the selection/navigation screen may require selection of game level, selection of game icon(s), selection of game mode, game acquisitions, and uploading of additional game content by other users. Related data may be included. In some embodiments, game content is made available for viewing and interaction by streaming the game content from a cloud gaming system to a user's computing device. In some implementations, after loading the user-specific data, the game content is available for game play.

FIG. 9A shows an example system used to load game files for games available via a cloud gaming site. The system includes a plurality of client devices 900 communicatively connected to a cloud gaming site 904 via a network 902, such as the Internet. When a request to access a cloud gaming site 904 is received from a client device 900, the cloud gaming site 904 accesses user account information 906 stored in a user data store 908 to determine information associated with the client device that originated the request. identify the user who In some embodiments, the cloud gaming site may also verify the identified user to identify all games the user is authorized to view/play. Following identification/verification of the user account, the cloud gaming site accesses game title data store 910 to identify game titles available at the cloud gaming site to the user account that originated the request. Game title data store 910, in turn, interacts with game database 912 to obtain game titles for all games available to the cloud gaming site. When a new game is introduced, the game database 912 is updated with the game code, and the game title data store 910 is provided with game title information for the newly introduced game. The client device that sent the request may or may not be registered with the cloud game site at the time the request is sent. If the user of the client device that originated the request is not a registered user, the cloud gaming site may identify the user as a new user and select a suitable game title (eg, a default set of game titles) for the new user. As shown in FIG. 9A, the identified game title is returned to the client device for presentation on display screen 900-a.

A user interaction with one of the game titles rendered on the client device is detected and a signal is sent to the cloud gaming site. The signal includes the game title information in which the user interaction was detected and the user interaction registered with the game title. In response to signals received from client devices, the cloud gaming site proactively identifies the data center where the game is hosted and sends a signal to the identified data center to direct the user interaction to the game title in which it was detected. Load the associated game. In some embodiments, multiple data centers may host the game. In such embodiments, the cloud gaming site determines the geographic location of the client device that originated the request, identifies a data center that is geographically proximate to the client device, and signals the data center to preload the game. Can be sent. The user's geographic location may be determined using a Global Positioning System (GPS) mechanism within the client device, the client's IP address, the client's ping information, to name a few. Of course, the above-described methods of detecting a user's geographic location may be exemplary, and other types of mechanisms or tools may be used to determine the user's geographic location. By identifying data centers that are close to client devices, the latency when users interact with the game can be minimized. In some embodiments, the identified data center may not have the necessary bandwidth/processing power to host the game, or may be overutilized. In these embodiments, the cloud gaming site may identify a second data center that is geographically proximate to the client device. Loading the game includes loading game code and running an instance of the game.

In response to receiving the signal from the cloud gaming site, the identified data center may select a server at the data center to instantiate a game on the server. The server is selected based on available hardware/software processing power and game requirements. The server may include multiple game consoles, and the server may determine which of the multiple game consoles to use to load the game. The game console may resemble a freestanding game console, or may be a rack mount server or a blade server. A blade server, in turn, may include multiple server blades, each blade having the necessary circuitry to instantiate a single dedicated application, such as a game. Of course, the aforementioned game consoles are illustrative and should not be considered limiting. Other types of game consoles, including game stations and the like, and other forms of blade servers may also be used to host the identified games.

Once the game console is identified, the cloud gaming site loads the game's general game-related code onto the game console and sends a signal back to the client device over the network that identifies the game console on which the game is instantiated. It will be done. In this way, the loaded game becomes available to the user.

FIG. 9B is a flow diagram conceptually illustrating various operations performed to stream a cloud video game to a client device, according to embodiments of the present disclosure. Gaming system 918 runs video games and produces raw (uncompressed) video 920 and audio 922. Video 920 and audio 922 are captured and encoded for streaming, as indicated by reference numeral 924 in the diagram shown. Encoding compresses video and audio streams, reduces bandwidth usage, and can optimize the gaming experience. As an example of the encoding format, H. 265/MPEG-H, H. 264/MPEG-4, H.264/MPEG-4. 263/MPEG-4, H.263/MPEG-4. 262/MPEG-2, WMV, VP6/7/8/9, etc.

Encoded audio 926 and encoded video 928 are further packetized into network packets, as shown at 932, for transmission over a network, such as the Internet. The network packet encoding process may also employ a data encryption process, thereby enhancing data security. In the exemplary implementation, audio packets 934 and video packets 936 are generated for transmission over the network, as shown at reference numeral 940.

Gaming system 918 further generates haptic feedback data 930, which is also packetized into network packets for network transmission. In the exemplary embodiment, a haptic feedback packet 938 is generated for transmission over the network, as further indicated by reference numeral 940.

The aforementioned operations of generating raw video and audio and haptic feedback data, encoding the video and audio, and packetizing the encoded audio/video and haptic feedback data for transmission include: , run on one or more servers that collectively define a cloud gaming service/system. As shown at reference numeral 940, the audio, video, and haptic feedback packets are transferred over a network such as and/or including the Internet. As shown at reference numeral 942, audio packets 934, video packets 936, and haptic feedback packets 938 are decoded/reconstructed by the client device, and encoded audio 946, encoded Video 948 and haptic feedback data 950 are defined. If the data is encrypted, the network packet is also decrypted. Encoded audio 946 and encoded video 948 are then decoded by the client device, as shown at reference numeral 944, to produce client-side raw audio and video data and display device 952. rendered on top. Haptic feedback data 950 may be processed/communicated to generate haptic feedback effects at a controller device 956 or other interface device that may render haptic effects. An example of a haptic effect is vibration or rumble of the controller device 956.

Since video games are responsive to user input, it will be appreciated that a similar flow of procedures as described above may be performed in the reverse direction from the client device to the server with respect to the transmission and processing of user input. As shown, a user operating controller device 956 may generate input data 958. This input data 958 is packetized at the client device for transmission over the network to the cloud gaming system. Input data packets 960 are restored and reconstructed by the cloud game server to define input data 962 on the server side. Input data 962 is provided to gaming system 918, which processes input data 962 to update the game state of the video game.

During the transfer of audio packets 934, video packets 936, and haptic feedback packets 938 (reference numeral 940), the transmission of data over the network may be monitored to ensure quality of service of the cloud game stream. For example, as indicated by reference numeral 964, network conditions including both upstream and downstream network bandwidth may be monitored and game streaming may be adjusted in response to changes in available bandwidth. That is, as indicated by reference numeral 966, encoding and decoding of network packets may be controlled based on current network conditions.

FIG. 10 illustrates an embodiment of an information service provider architecture. An information service provider (ISP) 1070 delivers multiple information services to geographically dispersed and connected users 1082 via a network 1086. ISPs can deliver only one type of service, such as stock price updates, or a variety of services, such as broadcast media, news, sports, games, etc. Furthermore, the services provided by each ISP can be dynamic, ie, services can be added or removed at any time. Therefore, the ISP that provides a particular type of service to a particular individual may change over time. For example, the user may be served by an ISP near the user while in the user's hometown, and if the user moves to another city, the user may be served by another ISP. The local ISP transfers the necessary information and data to the new ISP, so that the user information "follows" the user to the new city, making the user closer to and more accessible to the data. In another embodiment, a master-server relationship may be established between a master ISP that manages information for users and a server ISP that directly interfaces with users under the control of the master ISP. In another embodiment, as a client moves around the world, data is transferred from one ISP to another, so that the ISP that is better positioned to serve the user can deliver those services. Becomes an ISP.

ISP 1070 includes an application service provider (ASP) 1072 that provides computer-based services to customers over a network. Software provided using the ASP model is sometimes referred to as software on demand or software as a service (SaaS). A simple form of providing access to specific application programs (such as customer relationship management) uses standard protocols such as HTTP. The application software resides on the vendor's system and is accessed by the user through a web browser using HTML, through specialized client software provided by the vendor, or through other remote interfaces such as thin clients. .

Services that are delivered over large geographic areas often use cloud computing. Cloud computing is a computing modality in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users do not need to be experts in the "cloud" technology infrastructure that supports them. Cloud computing can be classified into different services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Cloud computing services often provide common business applications online that are accessed from a web browser, but the software and data are stored on servers. The term cloud is used as a metaphor for the Internet (e.g., using servers, storage, and logic), based on how it is depicted in computer network diagrams, and is an abstract concept that hides complex infrastructure. .

Additionally, ISP 1070 includes a game processing server (GPS) 1074 that game clients use to play single and multiplayer video games. Most video games played over the Internet operate through a connection to a game server. Typically, games use dedicated server applications that collect data from players and distribute the collected data to other players. This is more efficient and effective than a peer-to-peer configuration, but requires a separate server to host the server application. In another embodiment, the GPS establishes communications between the players and their respective gameplay devices to exchange information without relying on a centralized GPS.

A dedicated GPS is a server that operates independently of the client. Such servers typically run on dedicated hardware located in data centers and provide more bandwidth and dedicated processing power. Dedicated servers are the preferred method for hosting game servers for most PC-based multiplayer games. Massively multiplayer online games run on dedicated servers, typically hosted by the software company that owns the game title, allowing the dedicated server to control and update the content.

Broadcast processing server (BPS) 1076 delivers audio or video signals to viewers. Broadcasting to a very narrow audience is sometimes called narrowcasting. The final step in broadcast distribution is the method of transmitting the signal to the listener or viewer; the signal may be transmitted terrestrially to an antenna and receiver, as in the case of a radio or television station, or via a station. It may be transmitted through cable television or cable radio (or "over-the-air cable") or directly from a network. The Internet can also deliver radio or television to recipients, especially using multicast, which allows signal and bandwidth sharing. Historically, broadcasting has been scoped by geographic areas, such as national or regional broadcasts. However, with the spread of high-speed internet, content can reach almost every country in the world, so broadcasting is no longer defined by region.

Storage service provider (SSP) 1078 provides computer storage space and related management services. SSP also provides regular backups and archives. By providing storage as a service, users can order more storage as needed. Another big advantage is that SSP includes a backup service so that users do not lose all their data if their computer's hard drive fails. Additionally, multiple SSPs may have full or partial copies of user data, allowing users to access data in an efficient manner, regardless of the user's location or the device used to access the data. It becomes possible to access. For example, users can access personal files on their home computers as well as mobile phones while on the move.

Communication provider 1080 provides connectivity to users. One type of communication provider is an Internet Service Provider (ISP), which provides access to the Internet. ISPs connect their customers using any data transmission technology suitable for providing Internet Protocol datagrams, such as dial-up, DSL, cable modem, fiber, wireless, or dedicated high-speed interconnects. Communications providers may also offer messaging services such as email, instant messaging, and SMS text. Another type of communications provider is a network service provider (NSP), which sells bandwidth or network access by providing direct backbone access to the Internet. Network service providers may consist of telecommunications companies, data carriers, wireless communication providers, Internet service providers, cable television operators that provide high-speed Internet access, and the like.

Data exchange 1088 interconnects several modules within ISP 1070 and connects these modules to users 1082 via network 1086. Data exchange 1088 may cover a small area where all modules of ISP 1070 are in close proximity, or it may cover a large geographic area if the various modules are geographically dispersed. For example, data exchange 1088 may include high speed Gigabit Ethernet (or even faster) or an intercontinental virtual area network (VLAN) within a data center cabinet.

A user 1082 accesses remote services through a client device 1084 that includes at least a CPU, memory, display, and I/O. A client device can be a PC, mobile phone, netbook, tablet, gaming system, PDA, etc. In one embodiment, the ISP 1070 recognizes the type of device used by the client and adjusts the communication method employed. In other cases, client devices access ISP 1070 using standard communication methods such as HTML.

Embodiments of the present disclosure may be implemented in a variety of computer system configurations, including handheld devices, microprocessor systems, microprocessor-based or programmable consumer electronics, small computers, mainframe computers, and the like. The present disclosure can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through wire-based or wireless networks.

In light of the foregoing embodiments, it should be understood that the present disclosure may employ various computer-implemented operations involving data stored on computer systems. These operations are operations that require physical manipulation of physical quantities. Any of the operations described herein that form part of this disclosure are useful machine operations. The present disclosure also relates to devices or apparatus for performing these operations. The device may be specially constructed for the required purpose, or the device may be a general purpose computer selectively enabled or configured by a computer program stored in the computer. In particular, various general purpose machines may be used with computer programs written in accordance with the teachings herein, or it may be more convenient to construct more specialized apparatus to perform the required operations. It can be.

The present disclosure may also be embodied as computer readable code on a computer readable medium. Alternatively, the computer readable code may be downloaded from the server using the data exchange interconnect described above. A computer-readable medium is any data storage device that can store data that can later be read by a computer system. Examples of computer-readable media include hard drives, network attached storage (NAS), read-only memory, random access memory, CD-ROM, CD-R, CD-RW, magnetic tape, and other optical and non-optical data storage devices. can be mentioned. Computer-readable media can include computer-readable tangible media that is distributed over a network-coupled computer system so that computer-readable code is stored and executed in a distributed manner.

Although the method operations have been described in a particular order, other maintenance operations may be performed in between the operations, or the operations may be performed at slightly different times, as long as the processing of the overlay operations is performed in the desired manner. It should be appreciated that processing operations may be tailored to occur or may be distributed within the system to allow processing operations to occur at various processing-related intervals.

Although the foregoing disclosure has been described in some detail for clarity of understanding, it will be obvious that certain changes and modifications may be practiced within the scope of the appended claims. Accordingly, the present embodiments are to be regarded as illustrative rather than limiting, and the present disclosure is not to be limited to the details provided herein, but within the scope and equivalents of the described embodiments. may be changed.

Claims (7)

receiving a first encrypted channel key for the data channel over a network from an owner device associated with an owner of the data channel, the first encrypted channel key being , a channel key encrypted with a public key associated with the owner of the data channel, the channel key being used to encrypt content shared via the data channel; receiving and
receiving one or more second encrypted channel keys from the owner device via the network, each second encrypted channel key being a respective one of each of the data channels; the receiving, the channel key being encrypted with a public key associated with a participant;
storing the first encrypted channel key and the one or more second encrypted channel keys in a channel list;
distributing the channel list to one or more participant devices respectively associated with each participant of the data channel via the network;
A method comprising:
Communication via the data channel includes the first encrypted channel key, the second encrypted channel key, and content encrypted using the channel key.
Method. When a communication is received by the owner device over the data channel, the channel key is decrypted from the first encrypted channel key using a private key associated with the owner. , the decrypted channel key is further used to decrypt the encrypted content of the communication. When a communication is received by a participant device over the data channel, the channel key is decrypted from a second encrypted channel key using a private key associated with the participant; 2. The method of claim 1 , further comprising decrypting the encrypted content of the communication using a decrypted channel key. receiving a first encrypted second channel key of the data channel from the owner device via a network, the first encrypted second channel key being the first encrypted second channel key of the data channel; a second channel key encrypted with the public key associated with the owner of the data channel, the second channel key configured to exclude at least one of the participants; said receiving is used to encrypt content shared via a data channel;
receiving one or more second encrypted second channel keys from the owner device via the network, each second encrypted second channel key having a respective , the second channel key encrypted with the public key of one of the participants, and the one or more second encrypted second channel keys include receiving a second encrypted second channel key that is the second channel key encrypted with the public key of the excluded at least one of;
updating the channel list to include the first encrypted second channel key and the one or more second encrypted second channel keys;
distributing the updated channel list to the participant devices via the network;
2. The method of claim 1 , further comprising: Additional communication via the data channel uses the first encrypted second channel key, the second encrypted second channel key, and the second channel key. 5. The method of claim 4 , comprising encrypted content. storing the communication via the data channel;
storing the additional communication via the data channel;
6. The method of claim 5 , further comprising: the channel key allows the excluded at least one of the participants to access the content of the stored communication;
7. The method of claim 6 , wherein the second channel key prevents the excluded at least one of the participants from accessing the content of the additional stored communications.

Images